5

I have installed the ssh utility on an embedded system but I can't connect to it. I am able to ssh from the device to another computer on the network but not the other way around.

The only port open on the device is port 21:

```
userk@dopamine:~$ nmap 160.80.97.X

Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-09 20:49 CET
Nmap scan report for 160.80.97.X
Host is up (0.0092s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
```

When I try to connect to it I get a connection refused error. I have tried with another port but nothing has changed. The configuration file `/etc/ssh/sshd_config` is the following:

```
#Port 22
Port 223
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys
```

I don't have iptables and I can't install it. How can I connect to the device using ssh?

Solution

There was a problem with the generated keys. Move them to the `/tmp` folder:

```
mv /etc/ssh/ssh_host_* /tmp
```

And regenerate the keys with

```
/etc/init.d/S50sshd restart   # or: /etc/init.d/sshd restart
```

or

```
ssh-keygen -A
```

Thanks to Bratchley, Abrixas2 and 0xC0000022L.

UserK
  • Have you installed sshd? If so, type `/etc/init.d/ssh restart` – ctrl-alt-delor Feb 09 '15 at 20:10
  • 1
    Have you checked that `sshd` is actually running? – Abrixas2 Feb 09 '15 at 20:11
  • 1
    Joining the choir, I would check `netstat -tlpn` to see if `sshd` is both running and listening on the port you're expecting it to run on. – Bratchley Feb 09 '15 at 20:18
  • @richard I get `/etc/init.d/ssh not found`. I have `S50sshd` in the folder. I have tried `/etc/init.d/S50sshd restart` but it could not load host keys. I get `key_load_public: invalid format` – UserK Feb 09 '15 at 20:20
  • @Bratchley. Ssh is not running. Netstat says that only the tcp protocol is active – UserK Feb 09 '15 at 20:21
  • 2
    @narutov6 then the problem is that something is wrong with the host keys. They may need to be re-generated. I would `mv /etc/ssh/ssh_host_* /tmp` and try to run `/etc/init.d/sshd restart` and see if it regenerates the keys for you that way. – Bratchley Feb 09 '15 at 20:25
  • 1
    @narutov6 You can run `ssh-keygen -A` to generate host keys for all known key types, for which host keys do not exist. This should normally be done during the configuration of `sshd` or during the first start of `sshd`. – Abrixas2 Feb 09 '15 at 20:27
  • 1
    You're sure the device has that IP, though? What does the output of `lsof -i TCP:22 -s TCP:LISTEN` say? Did you try to reinstall (`apt-get --reinstall openssh-server`) `sshd` or set it to start by default (`update-rc.d ssh defaults`) and then start (with `service`)? All assuming Raspbian. Also, did you try to run the SSH server from the command line using `$(which sshd) -Ddp 10222` (as superuser) and then connecting to port 10222 from a client? If `sshd` isn't running you can also leave out the `-p 10222` altogether. What about `dpkg-reconfigure openssh-server` to regenerate all the host keys? – 0xC0000022L Feb 09 '15 at 20:37
  • @narutov6: check out [this old answer of mine](http://unix.stackexchange.com/a/128910/5462) – 0xC0000022L Feb 09 '15 at 20:38
  • @0xC0000022L I've read your answer, it was really useful and verbose. Next time I will use it as a debugger. Unfortunately, I could not test `apt-get --reinstall openssh` because the only package manager I have is `opkg` (never used so far). Same problem with `dpkg-reconfigure`. Thanks anyway – UserK Feb 09 '15 at 21:40
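
The two findings in this thread, host keys that `sshd` cannot load and a non-default `Port`, can be checked directly against the configuration file before restarting the daemon. The script below is an added example, not part of the original posts; its function names are made up for illustration, and it assumes a POSIX shell with `awk`, using `ssh-keygen -y` (when installed) to test whether each private key parses.

```sh
#!/bin/sh
# Added example: pre-flight check of an sshd_config before (re)starting sshd.
# Function names are illustrative; nothing here comes from the original posts.

# Print each active (uncommented) value of a keyword. Keywords are
# case-insensitive, and "#Port 22" never matches because its $1 is "#Port".
active_values() {  # $1 = keyword, $2 = config file
    awk -v kw="$1" 'tolower($1) == tolower(kw) { print $2 }' "$2"
}

# Ports sshd will listen on: every active Port line, or 22 if there is none.
listen_ports() {  # $1 = config file
    ports=$(active_values Port "$1")
    echo "${ports:-22}"
}

# Classify one private host key file.
key_status() {  # $1 = key path
    if [ ! -s "$1" ]; then
        echo MISSING            # absent or zero-length
    elif ! command -v ssh-keygen >/dev/null 2>&1; then
        echo UNCHECKED          # no tool on this system to parse the key
    elif ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1; then
        echo OK                 # private key loads; public half can be derived
    else
        echo INVALID            # ssh-keygen could not load the file as a key
    fi
}

# Report ports and key states; non-zero exit if any listed key cannot be used.
# Only explicit HostKey lines are checked, not sshd's built-in default paths.
preflight() {  # $1 = config file
    rc=0
    echo "ports: $(listen_ports "$1" | tr '\n' ' ')"
    for key in $(active_values HostKey "$1"); do
        st=$(key_status "$key")
        echo "$st $key"
        case $st in MISSING|INVALID) rc=1 ;; esac
    done
    return $rc
}

# Stand-alone use: sh preflight.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

`sshd -t` runs the daemon's own test of the configuration and keys. A port reported here that is not among the common ports has to be given to `nmap` explicitly with `-p`.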

1 Answer

1
```
#Port 22
Port 223
```

Is that not 22 being commented out and 223 being active? Have you tried 223 yet?

jasonwryan
s1ns3nt
  • 1
    Nice catch but `tcp/223` probably would've come up in his `nmap` scan as well. – Bratchley Feb 09 '15 at 20:16
  • 3
    Not at all. Maybe 223 is not a "common port" that will be scanned by the command `nmap` without parameters... –  Feb 09 '15 at 20:59
  • @Bratchley: nwildner is right. The OP should use `nmap -p 1-65535 160.80.97.X` or similar. – 0xC0000022L Feb 09 '15 at 21:05
  • I stand corrected, I just ran it on a local system and it doesn't scan 223 by default unless I do `-p`. The OP's problem is with the daemon not starting though. – Bratchley Feb 09 '15 at 21:17
  • Yes, I've tried with `ssh [email protected] -p 223`. I deleted the keys and re-generated them. Now it works. Thank you anyway – UserK Feb 10 '15 at 00:29
  • @narutov6: wow, that's really weak. See, people have been swarming to help you find a solution and all you do is to say that you found a solution and it works now? It'd be helpful for future Internauts with a similar problem to find out what steps you followed to diagnose and solve the problem. – 0xC0000022L Feb 10 '15 at 08:11
  • I appreciate your help and the fact that you make new users understand what's the aim of StackExchange. I'm still looking for the cause of the problem. – UserK Feb 10 '15 at 14:23
  • @0xC0000022L You could try being less of a jerk. The solution actually is up in the comments if you had bothered to read it. – Bratchley Feb 10 '15 at 15:44
  • So now we're shifting it to saying he should have posted an answer whereas before it was just that he didn't provide any intermediate steps? I also think you're the one who started with the ad hominems. – Bratchley Feb 10 '15 at 16:26
  • @Bratchley: never mind. Whatever you say. – 0xC0000022L Feb 10 '15 at 21:13
  • @narutov6: wait, you said before that it works now. This indicated that you found a solution. Please edit your question to add the steps you have already tested. – 0xC0000022L Feb 10 '15 at 21:14